Brinztech Alert: Database of iHR Jobs is on Sale

Dark Web News Analysis

A threat actor known as “@888” on a prominent cybercrime forum is advertising the alleged sale of a database belonging to iHR Jobs (ihrjobs.com), an International Human Resources recruitment platform. The dataset reportedly contains 454,000 unique user records.

Brinztech Analysis: This claim is highly credible given the reputation of the threat actor. “@888” is a sophisticated data broker who has been extremely active throughout 2024 and 2025, previously responsible for verified, high-profile breaches such as CIEE (Brazil) and MinasBet.

• The Target: iHR Jobs appears to be a recruitment platform with a significant presence in Saudi Arabia, India, and Egypt, connecting job seekers with employers in the MENA region.
• The Data: The leak is described as a comprehensive professional profile dump, including:
  • Full PII: Names, Ages, Genders, Dates of Birth, Nationalities, Emails, Phone Numbers.
  • Professional Data: Job Titles, Skills, Education Levels, Work Experience, and Employment Types.
• The Threat: This is not just a simple email leak. It provides a complete “digital résumé” for nearly half a million professionals.

Key Cybersecurity Insights

This alleged data breach presents a critical threat to job seekers and the recruitment sector:

• Credible Threat Actor: The involvement of “@888” suggests this is a legitimate breach. This actor typically sells exclusive, high-quality datasets rather than repackaging old leaks.
• High-Value PII Exposure: The breach involves a significant volume of sensitive personal and professional data. In the hands of criminals, this data is perfect for recruitment scams (e.g., fake job offers requiring “visa fees” or “background check payments”) that target desperate job seekers.
• Impact on Professional Trust: As an HR agency, the compromise of iHR Jobs’ database directly affects job seekers and employers, potentially leading to a loss of trust and exposing individuals to scams related to employment or professional opportunities.
• Comprehensive Profiling: The leaked data allows threat actors to create detailed profiles of victims. This enables highly targeted spear-phishing attacks against the companies these individuals currently work for (e.g., “Regarding your recent application…”).

Mitigation Strategies

In response to this claim, the platform and its users must take immediate action:

• Activate Incident Response Plan: iHR Jobs must immediately launch a full incident response, including a forensic investigation to identify the breach’s origin (likely a web application vulnerability or compromised admin account) and secure affected systems.
• Prompt User Notification: The organization should notify all 454,000 compromised users immediately. Transparency is vital. Users need to be warned specifically about unsolicited job offers via WhatsApp or email.
• Enforce Credential Reset: Mandate password resets for all user accounts. Since job seekers often reuse passwords, they should be advised to change passwords on their email and LinkedIn accounts as well.
• Enhanced Fraud Monitoring: Employers using the platform should be vigilant against fake candidates or BEC attempts originating from compromised accounts.

Secure Your Business with Brinztech — Global Cybersecurity Solutions Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com